Analysis

  • max time kernel
    137s
  • max time network
    184s
  • platform
    android_x86
  • resource
    android-x86-arm-20240611.1-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
  • submitted
    13-06-2024 23:55

General

  • Target

    a733385af1440d1473f9d03674086400_JaffaCakes118.apk

  • Size

    20.5MB

  • MD5

    a733385af1440d1473f9d03674086400

  • SHA1

    a2dc5ca35bf16552a59aed20f365f95c80f46a25

  • SHA256

    be7bc26ee7c903c59ed98eb6e7f0becc24d7077fab41875a626ce334d8b0aaf1

  • SHA512

    1262bf084d551f2cf1fc53db0ddaf23d1fbcfef44a8ce6ffddabfcd72e8291cf5fa4e15e2bd75a11b5789294e652735e5dcab8b3229a8ef81cf558642675e16f

  • SSDEEP

    393216:VbeVdsxk/QRK/Aoro4IgJSOlEbeKEjut0lyIgpma2VHThZDCNc9f01sojmh:wVgk/AK/AIo4Dq5cutdz9IFNCWx01sou

Signatures

  • Queries information about running processes on the device (1 TTP, 1 IoC)

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Acquires the wake lock (1 IoC)
  • Queries information about active data network (1 TTP, 1 IoC)
  • Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  • Checks CPU information (2 TTPs, 1 IoC)

Processes

  • com.ifreetalk.ftalk (PID: 4268)
    • Queries information about running processes on the device
    • Acquires the wake lock
    • Queries information about active data network
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks CPU information
    • Child process: /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq (PID: 4297)


    Downloads

    • /data/data/com.ifreetalk.ftalk/databases/ftalk.db
      Filesize

      4KB


    • /data/data/com.ifreetalk.ftalk/databases/ftalk.db-journal
      Filesize

      512B


    • /data/data/com.ifreetalk.ftalk/databases/ftalk.db-shm
      Filesize

      32KB


    • /data/data/com.ifreetalk.ftalk/databases/ftalk.db-wal
      Filesize

      120KB


    • /storage/emulated/0/ifreetalk/download/action/ACTION000/thumb.png
      Filesize

      5KB


    • /storage/emulated/0/ifreetalk/download/action/ACTION001/thumb.png
      Filesize

      8KB


    • /storage/emulated/0/ifreetalk/download/action/ACTION002/thumb.png
      Filesize

      7KB


    • /storage/emulated/0/ifreetalk/download/action/ACTION010/thumb.png
      Filesize

      5KB


    • /storage/emulated/0/ifreetalk/download/action/ACTION011/thumb.png
      Filesize

      5KB


    • /storage/emulated/0/ifreetalk/download/action/ACTION012/thumb.png
      Filesize

      6KB


    • /storage/emulated/0/ifreetalk/download/action/ACTION013/thumb.png
      Filesize

      7KB


    • /storage/emulated/0/ifreetalk/download/action/ACTION100/thumb.png
      Filesize

      5KB


    • /storage/emulated/0/ifreetalk/download/action/ACTION101/thumb.png
      Filesize

      6KB


    • /storage/emulated/0/ifreetalk/download/action/ACTION102/thumb.png
      Filesize

      7KB


    • /storage/emulated/0/ifreetalk/download/action/ACTION103/thumb.png
      Filesize

      6KB


    • /storage/emulated/0/ifreetalk/download/action/ACTION110/thumb.png
      Filesize

      7KB


    • /storage/emulated/0/ifreetalk/download/action/ACTION111/thumb.png
      Filesize

      5KB


    • /storage/emulated/0/ifreetalk/download/action/ACTION112/thumb.png
      Filesize

      5KB


    • /storage/emulated/0/ifreetalk/download/action/ACTION113/thumb.png
      Filesize

      5KB


    • /storage/emulated/0/ifreetalk/download/action/json/0000.json
      Filesize

      1KB


    • /storage/emulated/0/ifreetalk/download/imgcache/journal.tmp
      Filesize

      31B
